Privacy Policy

1. Introduction

This Privacy Policy describes how Kidverse SRL (“Kidverse,” “we,” “us,” or “our”) processes personal data when you use the Kidverse mobile application, related website, and related services (collectively, the “Service”).

We aim to use clear, parent-friendly language. If anything in this Policy is unclear, you can contact us at privacy@palexio.com.

2. Who We Are

Kidverse SRL is the publisher of the Service and, for applicable data protection purposes, the data controller for personal data processed through the Service, except where another party acts as an independent controller for its own services.

Contact details:

Kidverse SRL
Zavoi, nr. 179, Romania
Email: privacy@palexio.com

3. Who the App Is For

The Service is intended for use by parents, guardians, and other adults who generate and manage stories for children. The account holder is expected to be an adult.

We design the Service so that direct child identification is minimized. For example, we do not require or intend to store a real child name to provide the core story-generation functionality.

4. Data We Collect

4.1 Account and authentication data

When you create or use an account, we may collect:

• email address;
• username or nickname you choose;
• authentication identifiers, such as internal user ID, session ID, OAuth provider identifiers, and login tokens;
• basic technical and security-related account metadata needed to authenticate and protect your account.

4.2 Child-related profile configuration

To help generate age-appropriate content, we may collect profile settings related to a child, such as:

• age range or age interval (for example, 3–5 or 6–8), not an exact birth date;
• story interests and preferences selected from a predefined list, such as animals, bedtime, dinosaurs, adventure, or space;
• other non-identifying content preferences you choose, such as story length or style.

We do not require or intend to store a real child name as part of normal use of the Service.

4.3 Story requests, generated content, and library data

We may collect and store:

• story prompts and request parameters you submit;
• generated stories in text, audio, image, or related formats;
• story library and replay history associated with your account;
• feedback, support requests, or reports you send to us.

4.4 Device and security information

We may process limited device, application, and security information necessary to run, secure, and troubleshoot the Service, such as app version, device type, operating system, error logs, and login/session events.

4.5 Data we do not intentionally collect for the core Service

Based on the current version of the Service, we do not intentionally collect:

• precise or approximate location data;
• camera, photo library, video, or microphone recordings from your device;
• contacts, calendar, SMS, call logs, or local files;
• payment card details in the app;
• sensitive personal data such as health data, political opinions, religion, or sexual orientation.

5. How We Use Data

We use personal data to:

• create and manage your account;
• authenticate users and maintain secure sessions;
• generate and deliver stories and related content;
• personalize stories based on selected age range and interests;
• save content to your story library and enable replay features;
• provide customer support and respond to requests;
• maintain, secure, debug, and improve the Service;
• detect, prevent, and investigate misuse, fraud, abuse, or security incidents;
• comply with applicable law, legal process, and enforcement requests.

6. Legal Bases for Processing

Where GDPR or similar laws apply, we rely on one or more of the following legal bases:

• Performance of a contract: to provide the Service you request, including account access, authentication, story generation, storage, and related features.
• Legitimate interests: to secure, maintain, improve, defend, and administer the Service, and to prevent abuse and misuse.
• Consent: where required by law for a specific activity.
• Legal obligation: where processing is necessary to comply with applicable law, lawful requests, or regulatory obligations.

7. How We Share Data

We do not sell personal data. We share personal data only where reasonably necessary to operate the Service, comply with law, or protect rights and safety.

7.1 Service providers and processors

We may share data with trusted service providers, including:

• Clerk, for authentication and identity management;
• Google and Apple, when you choose sign-in methods they provide;
• OpenAI, to generate story content from prompts and non-identifying context;
• hosting, infrastructure, security, storage, and support providers we use to operate the Service.

7.2 Legal and safety disclosures

We may disclose data where reasonably necessary to:

• comply with legal obligations, court orders, or lawful requests;
• enforce our Terms or other agreements;
• detect, investigate, or prevent fraud, abuse, security incidents, or illegal activity;
• protect the rights, property, and safety of Kidverse, users, children, or others.

7.3 Business transfers

If we are involved in a merger, acquisition, reorganization, asset sale, or similar transaction, personal data may be transferred as part of that transaction, subject to applicable law.

8. Use of OpenAI for Story Generation

We use OpenAI as a third-party processor or service provider to help generate story content.

When a story is requested, we may send to OpenAI information such as:

• selected age range;
• story interests and preferences;
• story type or style settings;
• other non-identifying prompt content needed to generate a story.

We do not intend to send real child names or direct child identifiers to OpenAI as part of ordinary story generation.

9. Children’s Privacy

The Service is intended for use by adult parents or guardians and is not intended for children to sign up directly.

We seek to minimize collection of child-related data by avoiding direct child identifiers where possible. For example, we use age ranges and preference categories instead of requiring a real child name.

If you believe a child has provided us with personal data in a way that is inconsistent with this Policy, please contact us at privacy@palexio.com and we will review the request and take appropriate action.

10. Data Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, maintain records, resolve disputes, enforce agreements, and comply with law.

• Account data is generally kept while your account is active and for a reasonable period afterward for legal, security, backup, and administrative reasons.
• Story library data and related preferences are generally kept while needed to provide replay, personalization, and account functionality, unless you delete them or request deletion.
• Child profile configuration such as age range and interests is kept only as long as needed to provide the related story-generation functionality.

11. International Data Transfers

Your personal data may be processed in countries other than your own, including countries that may have different data protection laws.

Where required, we take steps intended to provide appropriate safeguards for international transfers, such as contractual protections, data processing agreements, and other recognized transfer mechanisms.

12. Security

We use reasonable technical and organizational measures designed to protect personal data, including measures such as:

• encryption in transit where appropriate;
• secure storage methods for authentication tokens on supported devices;
• restricted access to systems and data based on business need;
• monitoring, logging, and safeguards aimed at preventing unauthorized access, misuse, or disclosure.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

13. Your Privacy Rights

Depending on where you live, you may have rights regarding your personal data, including the right to:

• access personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request deletion of personal data;
• request restriction of processing;
• object to certain processing;
• request data portability where applicable;
• withdraw consent where processing is based on consent.

Where applicable, a parent or legal guardian may also exercise relevant rights on behalf of their child in connection with child-related profile settings used in the Service.

To exercise any of these rights, contact us at privacy@palexio.com. We may ask for information necessary to verify your identity before acting on a request.

If you are in the European Economic Area, United Kingdom, or another region with a similar right, you may also have the right to lodge a complaint with your local data protection authority.

14. Deleting Your Account

You may request deletion of your account and associated personal data by contacting us at support@palexio.com or by using in-app deletion features if available.

After receiving a valid request, we will delete or anonymize personal data as required by applicable law, except where we need to retain certain data for legal, security, fraud-prevention, backup, or recordkeeping reasons.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we do, we will post the updated version and revise the “Effective date” above. Where appropriate, we may also notify you through the app, website, or email.

16. Contact Us

For privacy questions, requests, or complaints, contact:

Kidverse SRL
Zavoi, nr. 179, Romania
Privacy email: privacy@palexio.com
Support email: support@palexio.com